On Mon, Sep 1, 2008 at 14:38, Shugo Maeda <shugo / ruby-lang.org> wrote: > Hello, > > 2008/8/30 Eric Hodel <drbrain / segment7.net>: >>> The attached patch is to fix the DoS vulnerability in REXML. It's based >>> on >>> the monkey patch by Michael Koziarski, but there are some considerations >>> to apply it. >>> >>> * The name of the API to set the expansion limit. >>> (Is REXML::Document#entity_expansion_limit= OK?) >> >> I think this name is ok. > > Thank you. I commited it to svn trunk. Please tell me if there are > any problems. Should this also be applied to the ruby_1_8, ruby_1_8_6 and ruby_1_8_7 branches? Regards, -- Richard Brown